Saturday, January 26, 2019

Critical
Care, Pulmonary & Sleep Associates in Colorado
has notified 23,377 patients of a privacy incident. Their on-site
notice offers a useful reminder that while bad actors may be seeking
to engage in financial theft or fraud, when files with ePHI are
connected to employee email accounts, patients and HHS may wind up
needing to be notified. And so once again, I ask: why was there so
much ePHI connected to employees’ email accounts? How often does
the entity require its employees to transfer data out of their email
accounts and into more secure storage? And should/could the ePHI be
encrypted while it is sitting in an employee’s email account? Or
am I asking the wrong questions? In any event, here is their
notification:

On November 23, 2018, CCPSA discovered
that an unauthorized individual or entity gained access to an
employee’s CCPSA email account and used the email address to send
phishing emails to individuals in the employee’s electronic
contacts seeking fraudulent financial payments.

… CCPSA’s forensic investigation
concluded on December 14, 2018 and determined that there was
unauthorized access to certain CCPSA accounts between August 14 and
November 23, 2018. Importantly, CCPSA’s electronic medical records
platform was NOT compromised or accessed by the hacker.

… "Citizens
have become more conscious of the importance of data protection and
of their rights," First Vice President Frans Timmermans and
other commission officials said.

"And
they are now exercising these rights, as national Data Protection
Authorities see in their daily work. They have by now received more
than 95,000 complaints from citizens," the joint statement
added.

… The
officials, however, pointed out that Brussels was still waiting for
five member countries to adapt the GDPR to their national
legislation.

The
five are Bulgaria, the Czech Republic, Portugal, Slovenia and Greece,
a European source told AFP on condition of anonymity.

The
GDPR is enforced by national data protection agencies.

The
EU has billed the GDPR as the biggest shake-up of data privacy
regulations since the birth of the web, saying it sets new standards
in the wake of the Facebook data harvesting scandal.

The
law establishes the key principle that individuals must explicitly
grant permission for their data to be used and gives consumers the
"right to know" who is processing their information and
what it will be used for.

People
will be able to block the processing of their data for commercial
reasons and even have data deleted under the "right to be
forgotten".

How GDPR-esque. (Have I just invented a word?)
We even see companies opting out of the market.

The Illinois Supreme
Court on Friday upheld consumers’ right to sue companies for
collecting data like fingerprint or iris scans without
telling them how it will be used — a ruling that
could have widespread implications for tech giants like Facebook
and Google.

The unanimous ruling came in a lawsuit filed
against Six Flags Entertainment Corp. by the family of a teenager
whose fingerprint data was collected in 2014 when he bought a season
pass to Great America, the company’s Gurnee amusement park. The
lawsuit alleged violation of the 2008 Illinois Biometric Information
Privacy Act, which has gained attention as biometric data are
increasingly used for tasks such as tagging photos on social media
and clocking in at work.

The law requires companies collecting information
such as facial, fingerprint and iris scans to obtain prior
consent from consumers or employees, detailing how they’ll use the
data and how long the records will be kept. It also
allows private citizens to sue, while other states let only the
attorney general bring a lawsuit.

… Defendants in those cases, including
Facebook, have argued that individuals shouldn’t have the right to
sue if no real damage occurred after they handed over their biometric
information. But the state Supreme Court ruled that violation
of the law is damage enough.

… Nest, a maker of
smart thermostats and doorbells, sells a doorbell with a camera that
can recognize visitors by their faces. However, Nest, owned by
Google parent Alphabet, does
not offer that feature in Illinois because of the biometrics law.

(Related) How would a
customer know this system did not use facial recognition?

Walgreens is piloting a new line of “smart
coolers”—fridges equipped with cameras that scan shoppers’
faces and make
inferences on their age and gender. On January 14, the company
announced
its first trial at a store in Chicago in January, and plans to
equip stores in New York and San Francisco with the tech.

Demographic information is key to retail shopping.
Retailers want to know what people are buying, segmenting shoppers
by gender, age, and income (to name a few characteristics) and then
targeting them precisely.

… Crucially, the “Cooler Screens” system
does not use facial recognition. Shoppers aren’t identified when
the fridge cameras scan their face. Instead, the cameras analyze
faces to make inferences about shoppers’ age and gender. First,
the camera takes their
picture, [Does
it ever delete it? Bob] which an AI system will measure
and analyze, say, the width of someone’s eyes, the distance between
their lips and nose, and other micro measurements. From there, the
system can estimate if the person who opened the door is, say, a
woman in her early 20s or a male in his late 50s. It’s
analysis, not recognition.

… The sudden rise and fall of different
techniques has characterized AI research for a long time, he says.
Every decade has seen a heated competition between different ideas.
Then, once in a while, a switch flips, and everyone in the community
converges on a specific one.

At MIT Technology Review, we wanted to visualize
these fits and starts. So we turned to one of the largest
open-source databases of scientific papers, known as the arXiv
(pronounced “archive”). We downloaded the abstracts of all
16,625 papers available in the “artificial intelligence” section
through November 18, 2018, and tracked the words mentioned through
the years to see how the field has evolved.

Through our analysis, we found three major trends:
a shift toward machine learning during the late 1990s and early
2000s, a rise in the popularity of neural networks beginning in the
early 2010s, and growth in reinforcement
learning in the past few years.

Friday, January 25, 2019

Axios:
“An Axios study shows that very few news organizations — around
6% of a broad sample — successfully use a critical technology that
guarantees emails they send are authentic. The
big picture: We’ve written before
about the Department of Homeland Security’s struggle to get federal
agencies and the White House to implement DMARC, a security
protocol that prevents someone from successfully sending an email
using someone else’s email address. It’s only fair to turn that
lens on our own industry.

Why it
matters: As the news industry
increases its reliance on email alerts and newsletters (represent!),
our credibility makes us a target for spammers, scammers and
purveyors of disinformation or fraud.

Imagine a news
alert that appears to come from a business publication claiming a
company was going bankrupt.

Or consider a newsletter on Election Day
claiming a candidate had suddenly changed position on a key issue.

I should have linked to this yesterday. Worth
looking at the Cyber and AI issues.

Last year, our survey revealed record-breaking CEO
optimism. This year, chief executives tell a different story. Trade
conflicts, political upset, and a projected slowdown in global
economic growth have increased uncertainty and decreased confidence
in revenue prospects. Explore the strategies organisations are using
to navigate this new environment.

… Meeting
data security requirements, internal training, keeping up with
evolving developments, complying with privacy-by-design requirements,
and meeting data subject access requests were cited as some of the
most significant challenges in getting ready for GDPR.

The
number of organizations that have reported sales delays due to data
privacy concerns has increased to 87%, from 66% in the previous year.
However, Cisco found that sales delays were 1-2 weeks shorter in the
case of GDPR-ready organizations, compared to ones that expect to
become compliant within a year or more.

While
a majority of the surveyed companies admitted being hit by a data
breach in the past year, the percentage of GDPR-ready organizations
affected was 74%, compared to 80% in the case of organizations that
expect to become ready in less than a year and 89% for ones that
still have a long way to go.

Furthermore,
GDPR-ready organizations that have suffered a data breach reported
that the average number of impacted records was 79,000, compared to
212,000 reported by non-compliant organizations.

Cisco
also found that the system downtime associated with a breach was
shorter in the case of GDPR-ready firms, and the costs of dealing
with the incident were also considerably smaller.

"We've
worked hard to create a GDPR consent process for personalised ads
that is as transparent and straightforward as possible, based on
regulatory guidance and user experience testing," the company
said in a statement.

"We're
also concerned about the impact of this ruling on publishers,
original content creators and tech companies in Europe and beyond,"
it added.

"For
all these reasons, we've now decided to appeal."

This might work, until I figure how to keep the
tag and change the content.

Twitter is testing a way to make it easier to spot
the person who started a thread. A small percentage of iOS and
Android users are seeing an "original tweeter" label. The
company said
earlier this month that it would publicly test some context and
organization features.

It's a useful feature, and it could reduce some
types of abuse, particularly if the original tweeter is, say, Bill
Gates and the replies include those from scammy imitation accounts.
The label, along with the blue verified checkmark, could make it more
immediately obvious when Gates himself is replying.

Mark Zuckerberg, Facebook’s chief executive,
plans to integrate the social network’s messaging services —
WhatsApp, Instagram and Facebook Messenger — asserting his control
over the company’s sprawling divisions at a time when its business
has been battered by scandals.

… Mr. Zuckerberg has also ordered all of the
apps to incorporate end-to-end encryption, the people said, a
significant step that protects messages from being viewed by anyone
except the participants in the conversation. After the changes take
effect, a Facebook user could send an encrypted message to someone
who has only a WhatsApp account, for example. Currently, that isn’t
possible because the apps are separate.

Select the new machines
as if everyone expects you to rig the election.

Georgia's
new elections chief asked lawmakers Wednesday for $150 million to
replace the state's outdated electronic voting machines. In doing
so, he
all but closed the door on a hand-marked paper balloting system that
experts say is cheapest and most secure.

… The
current machines and Georgia's registration practices became
the subject of national criticism during last year's governor's
race between Democrat Stacey Abrams and Republican Brian Kemp. Kemp
served as secretary of state and refused
calls to resign from overseeing his own election. He stepped down
two days postelection after declaring himself the winner.

High profile Australian business and technology
leaders Genevieve Bell and David Thodey are backing a push to create
a new organisation to lead the development of an ethical framework
for artificial intelligence.

An MIT
researcher who analyzed facial recognition software found eliminating
bias in AI is a matter of priorities

When we talk about algorithms and automation, we
can't assume that handing responsibilities over to a machine will
eliminate human biases. Artificial intelligence, after all, is
constructed and taught by humans.

MIT Media Lab researcher and Algorithmic
Justice League founder Joy Buolamwini has made it her mission not
only to raise awareness of bias in facial recognition software, but
also to compel companies around the world to make their software more
accurate and to use its capabilities ethically.

… There are real stakes here. As she noted in
a viral TED
Talk and a New
York Times editorial, it's one thing to have Facebook confuse
people when analyzing a photo, but another when law enforcement or a
potential employer is utilizing such software.

’It’s a
matter of life or death’: Cell, internet outages prevent town from
calling 911

When someone is in an emergency, the response time
from emergency crews can be the difference between life or death.
However, neighbors in Fair Bluff can’t even reach those emergency
crews because of recent cell and Internet outages.

People in the town said the outages have happened
several times for several
hours over the past month.

… WECT called the town’s cell and Internet
provider, RiverStreet Networks, about the issue.

A spokesperson said the outages are due to
companies working in the Raleigh area accidentally cutting a fiber
line. The spokesperson said those fiber lines connect to Fair Bluff.
She said the company that
does the damage has to fix it, so doesn’t know how long repairs
will take.

… The outages are also affecting businesses.
When the Internet is down, most places can only take cash, no cards.

Worth reading for the cyber threats and artificial
intelligence issues.

“This National
Intelligence Strategy (NIS) provides the Intelligence Community
(IC) with strategic direction from the Director of National
Intelligence (DNI) for the next four years. It supports the national
security priorities outlined in the National Security Strategy as
well as other national strategies. In executing the NIS, all IC
activities must be responsive to national security priorities and
must comply with the Constitution, applicable laws and statutes, and
Congressional oversight requirements.”

“…The strategic environment is
changing rapidly, and the United States faces an increasingly complex
and uncertain world in which threats are becoming ever more diverse
and interconnected. While the IC remains focused on confronting a
number of conventional challenges to U.S. national security posed by
our adversaries, advances
in technology are driving evolutionary and revolutionary change
across multiple fronts. The IC will have to become more
agile, innovative, and resilient to deal effectively with these
threats and the ever more volatile world that shapes them. The
increasingly complex, interconnected, and transnational nature of
these threats also underscores the importance of continuing and
advancing IC outreach and cooperation with international partners and
allies..”

The public will learn how often federal
investigators in Seattle obtain
private details about your communications, such as who you called
and when, as a result of a petition to unseal those records brought
by EFF client The
Stranger.

Federal prosecutors and the U.S. District Court
for the Western District of Washington clerk’s office have
agreed to begin tracking and docketing various forms of
warrantless surveillance requests and next year will issue reports
every six months detailing the cases.

“It is a high-risk, high-reward enterprise to
write a scholarly monograph on an emerging technology when its
societal use, economic worth, and even its technical design are still
in flux. With little empirical material with which to work, one
often has to resort to extrapolating the future developments from the
myriad seed of possibilities of the present. Yet, there are moments
in time when undertaking such an enterprise seems inevitable, because
there is a rough consensus that the emerging technology represents
more than just an incremental improvement of already existing
routines, and promises—or threatens—a disruption of the status
quo. Such is the case of blockchain or distributed ledger
technologies. In that light, Primavera De Filippi and Aaron Wright’s
Blockchain and the Law is a timely and valuable contribution.”

… The Chinese government has made tech
dominance a priority in its "Made in China 2025" plan.

Chinese leaders are pouring government money into
AI research and development in a scientific push that has been
compared to the space race or the Manhattan Project that the United
States government funded during World War II to develop a nuclear
weapon.

… For the first time this year, consulting
firm PwC used its annual CEO survey to ask global business leaders
whether they thought AI would have a larger impact than the Internet.

Eighty-four per cent of Chinese executives said AI
would be bigger than the Internet, while only 38 per cent of American
executives said the same.

… The survey asked executives how widely they
had deployed AI initiatives in their company.

China was by far the leader, with a quarter of
Chinese business leaders saying AI was utilised in a wide scale at
their firm. Only 5 per cent of US executives said the same.

Digital
technology makes piracy easier and thus has long threatened the
dominance of Hollywood studios, the music industry and publishers in
the creation and distribution of content. But this technology also
lets anyone develop and disseminate content: Authors self-publish,
musicians bypass record labels to release songs directly to the
public, and filmmakers do the same without a major studio.

This
democratization has led to a tsunami of content and ushered in a new
Golden Age of entertainment, said Joel Waldfogel, associate dean of
MBA programs at the University of Minnesota and a former Wharton
professor of business economics and public policy.

… we find ourselves confronted with neural
nets being used to serve up contextual illustrations of children so
parents can gift personalized books that seamlessly insert a child’s
likeness into the story, thereby casting them as a character in the
tale.

… And while they note there are other
publishing services that offer the chance to insert a bit of custom
text and photography into a book they claim their collaboration is
the only publishing technology that does this “seamlessly”, i.e.
thanks to the AI’s style blending fingers.

… Kabook,
which was set up last year — describing itself as “a
technology-based” children’s book publisher, with a focus on kids
aged 0-7 years — is currently offering four stories that can be
personalized with a kid’s AI-generated likeness.

Three of the books incorporate just one custom
image into the story. While a fourth, called Hornswoggled!,
makes use of seven photos in a pirate-themed buried treasure
adventure.

The personalized stories start at $24.99 per book,
with hard and soft cover versions available.

Wednesday, January 23, 2019

A pilot told air traffic control that one of the
drones came within 30ft (9m) of his aircraft.

He was flying at Teterboro Airport, a nearby
private facility, but officials closed Newark International as a
precaution.

… Speaking about Tuesday's drone scare in New
Jersey, the Federal Aviation Authority (FAA) said in a statement: "At
approximately 5pm, we received two reports from incoming flights into
Newark that a drone was sighted at about 3,500ft above Teterboro, New
Jersey.

A
new report from Check Point discusses major cyber incidents from
2018. From these data points, Check Point's analysts look for
current trends in malware and attacks, in order to prepare for 2019's
future attacks.

According
to Check Point's Cyber
Attack Trends Analysis 2019
report, the major attack categories and incidents from 2018 include
ransomware (such as attacks against the City
of Atlanta and the Ukraine
Energy Ministry); data breaches (such as those affecting Exactis,
and Marriott
Hotels); mobile malware (such as AdultSwine and Man in the Disk);
cryptocurrency attacks (such as Jenkins Miner and RubyMiner); botnet
attacks (such as those from IoTroop and attacks against Democrat
candidates during the 2018 primary's season); and APT attacks (such
as Big
Bang and SiliVaccine).

"Indeed,"
says the report (PDF),
"never does a day go by that we do not see organizations under
constant attack from the ever-growing number of malware spreading at
higher rates than ever."

Colorado
journalists on the crime beat
are increasingly in the dark. More than two-dozen law enforcement
agencies statewide have encrypted all of their radio communications, not
just those related to surveillance or a special or sensitive
operation. That means journalists and others can’t listen in using
a scanner or smartphone app to learn about routine police calls.

Law enforcement
officials say that’s basically the point. Scanner technology has become more
accessible through smartphone apps, and encryption has become easier
and less expensive. Officials say that
encrypting all radio communications is good for police safety and
effectiveness, because suspects sometimes use scanners to evade or
target officers, and good for the privacy of crime victims, whose
personal information and location can go out over the radio.

… “You
can’t get out to cover something if you don’t know it’s
happening, and journalists would be at the mercy of police public
information officers. Do we want the first draft of history dictated
by police PIOs?”

Definitely not.
A national study published in
2017 found that police PIOs zealously try to control the narratives
about their departments. That’s especially concerning in Colorado,
where law enforcement officials have downplayed transparency
implications by saying they
will release information about breaking news on social media, in
press releases, and in daily reports—as if those are reasonable
substitutes for independent reporting.

That holds even in a state with a “stop
and identify” law, and even if the initial stop of the car (for a
traffic violation committed by the driver) was legal.

The opinion by a three-judge panel of the
9th Circuit earlier this month in US
v. Landeros is one of the most significant decisions to date
interpreting and applying the widely-misunderstood 2004 US Supreme
Court decision in Hiibel
v. Nevada.

… Instead of using websites on the darknet,
merchants are now operating invite-only channels on widely available
mobile messaging systems like Telegram.

… The other major change is the use of "dead
drops" instead of the postal system which has proven vulnerable
to tracking and interception. Now, goods are hidden in publicly
accessible places like parks and the location is given to the
customer on purchase. The customer then goes to the location and
picks up the goods. This means that delivery becomes asynchronous
for the merchant, he can hide a lot of product in different locations
for future, not yet known, purchases. For the client the time to
delivery is significantly shorter than waiting for a letter or parcel
shipped by traditional means - he has the product in his hands in a
matter of hours instead of days. Furthermore this method does not
require for the customer to give any personally identifiable
information to the merchant, which in turn doesn't have to safeguard
it anymore. Less data means less risk for everyone.

The use of dead drops also significantly reduces
the risk of the merchant to be discovered by tracking within the
postal system. He does not have to visit any easily to surveil post
office or letter box, instead the whole public space becomes his
hiding territory.

… “To most Indians, the smartphone is their
first camera, first TV, first video device, first Walkman, and first
MP3 player. It may even be their first alarm clock and calculator,”
according to Ravi Agrawal, managing editor of Foreign Policy
and former CNN New Delhi bureau chief. That is the dramatic change
this small device is bringing to hundreds of millions of Indians, as
extremely low-cost smartphones and data plans increasingly become
available.

Technology in India has traditionally been only
available to the rich, to English speakers, and to city dwellers,
Agrawal noted.

… In addition to breaking the financial
barrier, smartphones have broken the language barrier. Most of the
population doesn’t speak English, and English used to be a
necessity for internet use. But “smartphones have changed all of
that,” observed Agrawal. Now if you speak Hindi, Bengali, or one
of India’s many other tongues, multilingual software enables you to
type, search, and read online.

Even illiterate individuals — of whom there are
nearly 300 million in India — can learn to use the device. With
the Google Assistant, they can say in their own language, for
example, “‘Show me the Taj Mahal,’ and up pops a video showing
them this great wonder that they’ve all heard of but never seen,”
notes Agrawal. So in some
ways the smartphone is a great equalizer.

… Yet with all the apparent benefits, “there
is so much that can go wrong,” said Agrawal. One problem is the
proliferation of “fake news,” which he noted has sparked
religiously-motivated lynchings and other violence.

India has also experienced more internet shutdowns
than any other nation — Syria and Iraq follow — in which the
government temporarily pulls the plug in the name of halting rumors
that spark unrest.

… There’s also been an explosion in
pornography, Agrawal notes. “The head of one of India’s biggest
wireless companies told me that 70% of his company’s bandwidth is
porn, believe it or not.”

Tonga's
ability to communicate with the rest of the world has severely been
restricted after a submarine cable broke, cutting off the Pacific
island kingdom from almost all mobile phone and Internet services.

… "There's no Facebook, which is how the
Tongan diaspora communicate with each other, businesses can't get
orders out, airlines can't take bookings for passengers or freight."

While the authorities look into the cause and
struggle to find a solution to the disruption, which began on Sunday,
they have turned to a small, locally operated satellite connection as
back-up.

Via LLRX – 10
x 10: 100 Insightful KM Resources – KM expert Stan
Garfield shares ten categories of KM resources, each with
ten links to useful sources of knowledge about the field. The ten
resources in each category are recommended starting points for those
who want to learn more about KM. Each category heading is linked to
a more extensive list for greater exploration.

The future? Probably not for my 11 mile round
trip to school, but I could see a Leadville to Denver hop.

Boeing’s
passenger air vehicle prototype rises into the sky for its first test
flight

Boeing says it has successfully completed the
first test flight of a prototype for its autonomous passenger air
vehicle, which could start carrying riders as early as next year.

The test was executed on Tuesday at an airport in
Manassas, Va., near the headquarters of Aurora
Flight Sciences, the Boeing
subsidiary that’s been developing the electric-powered,
vertical takeoff-and-landing aircraft, also known as an eVTOL craft.

… The craft is 30 feet long and 28 feet wide,
with eight rotors for vertical lift and a tail rotor to facilitate
forward flight. It’s designed to fly in full autonomous mode with
a maximum range of 50 miles.

“This is what revolution looks like, and it’s
because of autonomy,” said John Langford, president and CEO of
Aurora Flight Sciences. “Certifiable autonomy is going to make
quiet, clean and safe urban air mobility possible.”

Confusing. Surely they aren’t saying they found
another chemical that does exactly what the patented chemical does.
This is about a process that extracts a drug.

Drug companies spend billions developing and
protecting their trademark pharmaceuticals. Could artificial
intelligence be
about to shake things up? In a breakthrough development,
researchers have demonstrated an A.I. which can find new methods for
producing existing drugs in a way that doesn’t infringe on existing
patents.

… As exciting as the work is, however, don’t
expect this to be anything that brings down the world of big pharma —
if that’s what you’re hoping for. Chematica, which was bought by
pharma giant Merck in 2017, is more likely to be used to help these
companies better protect their intellectual property.

“[In
our latest] paper we tackled three blockbuster drugs, very
heavily guarded by patents — and yet a ‘stupid’ computer
managed to find synthetic bypasses,” Grzybowski said. “Now, what
if your competitors were to use such a tool? Could they bust your
patents? Should you also use the tool? What if they come up with a
better version? These sorts of question might point to an arms race
in developing similar and competing software solutions.”

Via LLRX
– Deep
Web Research and Discovery Resources 2019 – How big is the Deep
Web? It is estimated to comprise 7,500 terabytes – although an
exact size is not known, and the figures vary widely on this
question. The magnitude, complexity and siloed nature of the Deep Web
is a challenge for researchers. You cannot turn to one specific guide
or one search engine to effectively access the vast range of
information, data, files and communications that comprise it. The
ubiquitous search engines index, manage and deliver results from the
Surface web. These search results include links, data, information,
reports, news, subject matter content and a large volume of
advertising that is optimized to increase traffic to specific sites
and support marketing and revenue focused objectives. On the other
hand, the Deep Web – which is often misconstrued as a repository of
dark and disreputable information [Note – it is not the Dark Web],
has grown tremendously beyond that characterization to include
significant content on a wide range of subject matters covering a
broad swath of files and formats, databases, pay-walled content as
well as communications and web traffic that is not otherwise
accessible through the surface Web. This comprehensive multifaceted
guide by Marcus Zillman provides you with an
abundance of resources to learn about, search, apply appropriate
privacy protections, and maximize your time and efforts to conduct
effective and actionable research within the Deep Web.

Zimbabwe has been ravaged by widespread local
unrest the past week. The catalyst? A controversial decision to
increase the prices of petrol and diesel by a massive 150 percent.

Citizens of Zimbabwe have since voiced their
dissatisfaction with this decision through a series of protests and
demonstrations. Social media platforms such as Twitter, Facebook,
YouTube and WhatsApp have been integral in organizing these events.

… As such, it would appear that the
governmental-led shutdown of the internet has led to immensely worse
consequences. The national economy has effectively been disabled –
however, this was not caused by the protestors, rather, it was the
work of the government’s actions.

… a preexisting liquidity crisis in the
country has already led citizens towards alternative means of
exchange, such as cryptocurrencies or other cashless alternatives
such as bank cards.

All of these payment systems have now been
rendered moot, due to the government’s actions. It remains to be
seen how all of this will ultimately play out – but it already
seems plain that the government’s fear of economic turmoil has
caused exactly that.

The Governor of Massachusetts recently signed
House Bill No.
4806 into law, which will amend certain provisions of the state’s
data breach notification law. In addition to changing the
information that must be included in notifications to regulators and
individuals, the amendments will also require entities to provide
eighteen months of free credit monitoring services following breaches
involving Social Security numbers. The amendments, which will enter
into force on April 11, 2019, are discussed in greater detail below.

A squad of 14 New York Police Department drones
will
soon be soaring over the city’s skyline, with the ability to
record people’s lives, even if that’s not their stated use. Some
will be equipped with infrared cameras that have the ability to see
through walls and record the privacy of bedrooms, although, again,
NYPD says this isn’t the intent. Still, the technology isn’t
just creepy (though it is creepy); if not monitored carefully, its
deployment raises the specter of uses beyond those currently planned
by the NYPD that could be illegal.

… New Yorkers are being asked to take the NYPD
at its word, but many New Yorkers want a stronger guarantee. This is
part of why advocates and activists are pushing for the
Public Oversight of Technology Act (“POST Act”), a New York
City Council bill that would require the NYPD to develop and
publicize an “impact and use policy” for each piece of
surveillance technology it purchases.

… in early 2017, the police booking station in
Bensalem became the first in the country to install a Rapid DNA
machine, which provides results in 90 minutes, and which police can
operate themselves. Since then, a growing number of law enforcement
agencies across the country — in Houston, Utah, Delaware — have
begun operating similar machines and analyzing DNA on their own.

… In 2017, President Trump signed into law the
Rapid DNA Act, which, starting this year, will enable approved
police booking stations in several states to connect their Rapid DNA
machines to Codis, the national DNA database. Genetic
fingerprinting is set to become as routine as the old-fashioned kind.

… But already many legal experts and
scientists are troubled by the way the technology is being used. As
police agencies build out their local DNA databases, they are
collecting DNA not only from people who have been charged with major
crimes but also, increasingly, from people who are merely deemed
suspicious, permanently linking their genetic identities to criminal
databases.

Google has been fined $56.8 million by privacy
regulators in France, marking the country’s first use of the tough
new privacy rules enacted in Europe last year. Specifically, the
company is accused of violating provisions of the General Data
Protection Regulation (GDPR) by using, without proper consent, the
private data of users to craft personalized ads; and by burying key
privacy disclosures pages deep, amid oceans of text.

In a statement Monday, France’s privacy
watchdog, CNIL, said that Google had been fined for needlessly
obscuring information concerning the processing of its users’ data,
which Europe’s privacy rules demand be made more easily accessible.
Essential information about how user data is processed, stored, and
used, it said, was “excessively disseminated across several
documents.” It required,
in some cases, up to five or six steps to unearth key disclosures,
including details of how Google amasses personal information to help
it pinpoint a user’s location.

… the French commission found Google’s
process for informing users about what precisely they’re consenting
to to be wholly inadequate.

… “We have found that large corporations
such as Google simply ‘interpret the law differently’ and have
often only superficially adapted their products,” Schrems
reportedly told the station. “It is important that the authorities
make it clear that simply
claiming to be compliant is not enough.”

… The doctor’s registration on the register
of healthcare professionals was initially suspended by a disciplinary
panel because of her postoperative care of a patient. After an
appeal, this was changed to a conditional suspension under which she
was allowed to continue to practise.

But the first results after entering the doctor’s
name in Google continued to be links to a website containing an
unofficial blacklist, which it was claimed amounted to “digital
pillory”.

… The judge said that while the information on
the website with reference to the failings of the doctor in 2014 was
correct, the pejorative name of the blacklist site suggested she was
unfit to treat people, and that was not supported by the disciplinary
panel’s findings.

The court further rejected Google’s claim that
most people would have difficulty in finding the relevant information
on the medical board’s Big-register,
where the records are publicly held.

The surgeon’s lawyer, Willem van Lynden, from
the Amsterdam firm MediaMaze, said the ruling was groundbreaking in
ensuring doctors would no longer be judged by Google on their fitness
to practise.

… The
state regulator has repeatedly warned the companies they could be
banned if they do not comply with a 2014 law requiring social
networking sites to store the personal data of Russian users inside
the country.

Zharov
said Facebook and Twitter provided "no concrete information on
localising the data of Russian users on the territory of the Russian
Federation."

He
added that the companies also did not provide a "timeframe"
for when they plan to store the data of Russian users in Russia.

The
2014 law has caused widespread concern as it is seen as putting the
information of Russian users at risk of being accessed by the
country's intelligence services.

“Predictive judicial
analytics holds the promise of increasing the fairness of law. Much
empirical work observes inconsistencies in judicial behavior. By
predicting judicial decisions—with more or less accuracy depending
on judicial attributes or case characteristics—machine
learning offers an approach to detecting when judges are most likely to
allow extra legal biases to influence their decision making.
In particular, low predictive accuracy may identify cases of
judicial “indifference,” where case characteristics (interacting
with judicial attributes) do not strongly dispose a judge in favor of
one or another outcome. In such cases, biases may hold greater sway,
implicating the fairness of the legal system.”

Companies are adopting artificial intelligence
(AI) like it’s going out of style, according to a new report by
Gartner.
The Stamford firm’s 2019 CIO Survey of more than 3,000 executives
in 89 countries found that AI implementation grew a whopping 270
percent in the past four years, and 37 percent in the past year
alone.

… “If you are a CIO and your organization
doesn’t use AI, chances are high that your competitors do and this
should be a concern.”

Are sitdown
scooters the next big urban craze? Austin is about to find out

… Already home to thousands of electric
scooters, many of them crowding downtown sidewalks, the Central Texas
city will be the first to experience a new generation of shareable
electric scooters from an Oxnard, California-based company called Ojo
Electric. Unlike well-known scooter companies such as Bird and Lime,
Ojo's models are bulkier and include a seat.

Referred to as a "light electric vehicle,"
the scooters can travel 50 miles on a single charge and have a top
speed of 20 mph, in compliance with city regulations, the company
said in a news release. The company says their vehicles are designed
for bike lanes and streets.

Quartz:
“The eight Ivy League schools are among the most prestigious
colleges in the world. They include Brown, Harvard, Cornell,
Princeton, Dartmouth, Yale, and Columbia universities, and the
University of Pennsylvania. All eight schools place in the top
fifteen of the US News and World Report 2018 national university
rankings. These Ivy League schools are also highly selective and
extremely hard to get into. But the good news is that all these
universities now offer free online courses across multiple online
course platforms.”

Monday, January 21, 2019

There does not seem to be any more detail, yet. To make this work,
the ‘vouchers’ must not be identifiable as part of the group
stolen. How would they track customer usage? Note: Another easily
identified and easily fixed bug?

… The cyber fraud scam started with a
fraudulent email from Chinese
hackers, spoofed to appear as if it were coming from the CEO
of the company in Italy. The message was written in the tone and
style of the CEO, and raised the prospect of a “secretive” and
“highly confidential” acquisition that could only be pulled off
if funds were wired to bank accounts in Hong Kong. After follow-up
emails, there were then
telephone conference calls between Italy and India, with
Chinese fraudsters impersonating top executives and lawyers. They
convinced the local Indian office that regulatory rules prevented a
direct payment from corporate HQ in Milan; thus, the onus was on the
local Indian operation to fund the acquisition. Payments were sent
in three separate tranches of $5.6 million, $9.4 million, and $3.6
million. However, just before the fourth and final payment was about
to be made, the real chairman of the Italian company showed up in
India for a year-end visit. It’s not hard to imagine what happened
next.

… But here’s where there is still a lot to
explain: how did Chinese fraudsters impersonate top European
officials, including one claiming to be a top Swiss lawyer? At some
point, wouldn’t really bad accents or awkward phrases tip off the
Indian officials that someone was being conned?

… In short, instead of a few hackers in
pajamas trying to hack into computer systems from their basements, we
may be seeing the rise of sophisticated global crime syndicates and
hacking groups that are far more formidable adversaries for corporate
IT directors.

No more “fake news” broadcasts? Of course if
each of the five recipients forwards the message to five friends, who
each forward to five friends…

Facebook Inc's WhatsApp messenger service is
globally limiting message ‘forwards’ to five chats at a time, a
practice it had introduced in India in July last year to crack down
on spread of rumours and fake news through its platform.

… The messaging platform—which counts India,
Brazil and Indonesia among its major markets—said it will continue
to listen to user feedback on their experience, and “over time,
look for new ways of addressing viral content”.

… The move comes at a time when governments
and regulators across the world are looking at effective ways to curb
the spread of fake messages through digital platforms.

Gather
a mob and Facebook
will now let you make political demands. Tomorrow Facebook will
encounter a slew of fresh complexities with the launch of Community
Actions, its News Feed petition feature. Community Actions could
unite neighbors
to request change from their local and national elected officials and
government agencies. But it could also provide vocal interest groups
a bully pulpit from which to pressure politicians and bureaucrats
with their fringe agendas.

Community Actions embodies the central challenge
facing Facebook. Every tool it designs for positive expression and
connectivity can be subverted for polarization and misinformation.

… The question will be where Facebook’s
moderators draw the line on what’s appropriate as a Community
Action, and the ensuing calls of bias that line will trigger.
Facebook is employing a combination of user flagging, proactive
algorithmic detection, and human enforcers to manage the feature.
But what the left might call harassment, the right might call free
expression. If Facebook allows controversial Community Actions to
persist, it could be viewed as complicit with their campaigns, but
could be criticized for censorship if it takes one down. Like fake
news and trending topics, the feature could become the social
network’s latest can of worms.

… Details are, as TechCrunch noted, “scarce,”
but there’s a lot of speculation that Uber is investigating
autonomous versions of the scooters and bikes of the short-term
rental type that have already taken over many major cities. The
Telegraph reported that Uber has begun hiring for the
Micromobility Robotics team, which it wrote had the goal of
developing scooters and bikes that can drive to charging stations
themselves, or possibly to go and pick up riders after the prior
passenger disembarks.

… like competitors Bird and Lime (the latter
of which Uber owns
a minority stake in) the logistics of using a small army of
contractors to pick up the scooters after rides are already a major
money-burner.

… As TechCrunch noted, Uber Jump recently
unveiled a series of upgrades to give some of its bikes
“self-diagnostic capabilities and swappable batteries,” designed
to minimize downtime. Self-driving scooters are an obvious way to
further streamline the business.

Sunday, January 20, 2019

… Google’s navigation app, Google Maps, is
starting to roll out speed
limit and speed
trap features, according to AndroidPolice.com.

With the speed limit feature, drivers using Google
Maps will be shown the posted speed limit of the road they’re driving
on in the lower left side of the app. Speed traps are designated
with a small camera icon and shown on the visible area of the map.
AndroidPolice’s source also reports that Google Maps provides an
audio warning for drivers when they are approaching a speed trap.

An alleged hitman has learned hard lessons about
the value
of GPS data on fitness watches. A Liverpool jury has
found Mark Fellows guilty of the 2015 murder of mob boss Paul
Massey in part thanks to location info from the accused's Garmin
Forerunner. An expert inspecting the watch's info discovered
that Fellows had recorded a 35-minute trip that took him to a field
just outside Massey's home ahead of the murder. He appeared to be
scouting the route he would take later to perform the hit, a claim
supported by cell site and CCTV evidence showing Fellows driving his
car past Massey's house numerous times in the week before the
slaying.

Massey's murder had gone unsolved until the 2018
killing of his associate John Kinsella, where surveillance footage
showed Fellows biking a similar scouting route before pulling the
trigger. That led law enforcement to see if there were any
connections to the Massey case. Fellows
had a GPS jammer in his car when police investigated in
2018, suggesting that he knew enough to avoid location data at some
point – just not while he was scouting Massey three years earlier.

I know lots of smart people. Maybe I should start
an Institute? Do you think this one is there to provide Facebook
with an “academic” justification?

Facebook
backs Institute for Ethics in Artificial Intelligence with $7.5
million

Facebook will donate $7.5 million for the creation
of The Institute for Ethics in Artificial Intelligence, a research
center being made to explore topics such as transparency and
accountability in medical treatment and human rights in human-AI
interaction.

… Like initiatives undertaken by other AI
research think tanks, the Institute for Ethics in Artificial
Intelligence will work to share its research through conferences and
symposiums with the wider community of AI practitioners.

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.